Cyber Attacks Turning Biggest Risk to Businesses and Brands: Report

As per a recent study report, cyber attacks are now becoming the No. 1 risk to businesses, brands, operations and financials.

It’s the SonicWall “2018 Cyber Threat Report” that has come up with these inferences. The report finds that cyber attacks are now becoming the No. 1 risk to business, brands, operations and financials. The report also states that there were in total 9.32 billion malware attacks in 2017, which is an 18.4 percent increase when compared to the figure in 2016. Similarly, the report also says that there has been a drop in ransomware attacks; the figure has dropped from 638 million to 184 million between 2016 and 2017, though there has been a 101.2 percent increase in ransomware variants.

A press release published by SonicWall discusses the report in detail. The press release says- “In sum, the company recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year.”

The other major findings of the SonicWall threat report are:

• There has been a 24 percent increase in traffic encrypted by SSL/TLS; this represents 68 percent of the total traffic.
• If not for SSL decryption capabilities, an average organization would be hit by almost 900 attacks annually, hidden by SSL/TLS encryption.
• Almost 500 new, previously unknown malicious files are identified every day by SonicWall.

The press release quotes SonicWall CEO Bill Conner as saying-“The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us…Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

Conner is also quoted as saying- “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

The SonicWall “2018 Cyber Threat Report” discusses the advances that the security industry seems to be registering and at the same time also throws light on the other side, the advancements made on the side of the cyber criminals. Let’s take a brief look at both the aspects:

Advances registered by the security industry

A decline in ransomware attack volume- Despite ransomware attacks making headlines, data shows that there has been a drop in the total volume of ransomware attacks; there has been a 71.2 percent frop, from 638 million to 184 million between 2016 and 2017. It was the Americas that received 46 percent of all ransomware attack attempts while Europe got 37 percent of the attacks.

Increase in the use of SSL/TLS- There has been a 24 percent increase in encrypted SSL/TLS traffic in 2017; this traffic made up 68 percent of the total traffic recorded. The report also says that organizations are beginning to implement security controls (like deep packet inspection) to detect and mitigate attacks in encrypted traffic.

Impact in the effectiveness of exploit kits- No critical vulnerabilities were discovered in Adobe Flash in 2017, with most browsers dropping support of Flash. Similarly, SonicWall gave protection against Microsoft Edge attacks, which increased by 13 percent. Attacks against Adobe applications also dropped while other applications like Apple TV and Microsoft Office featured in the top 10 among targeted applications.

More stringent law enforcement helped a lot- It was a more stringent kind of law enforcement that was seen in 2017, with many cyber criminals being arrested and convicted. This has helped disrupt malware supply chains and also is impacting the rise of new hackers and malware authors. SonicWall also reports that now cyber criminals have turned more careful about their business, including cryptocurrency wallet-based trading and the use of other transaction currencies. There is also better cooperation on the international level as regards law enforcement.

Advances made by cyber criminals

Increase in the number of ransomware variants- On the one hand, there has been a decline in the total volume of ransomware attacks while on the other side there has been an increase in the number of ransomware variants. More unique types of ransomware are now emerging; SonicWall reports a 101.2 percent increase in 2017, with researchers creating 2,855 new unique ransomware signatures in 2017, up from the 1,419 published in 2016. It’s also estimated that ransomware against IoT and mobile devices would increase in 2018.

Cyber attacks hiding in SSL encryption still prevalent- The trend among cyber criminals to circumvent traditional security controls and hide attacks in SSL encryption continues. The SonicWall report states that in the absence of SSL decryption capabilities, an average organization would face almost 900 file-based attacks per year hidden by TLS/SSL encryption.

Malware writers mixing codes and coming up with malware cocktails- 2017 saw many malware authors leveraging one another’s malware code and mixing them up to form totally new malware. Such malware cocktails could prove a challenge to signature-based security software.

Cyber criminals looking to exploit chip processors and IoT- The year saw cyber criminals pushing new attack techniques into advanced technology spaces. The criminals were looking to exploit chip processors, IoT etc.